The Federal Trade Commission has tapped privacy guru Lorrie Faith Cranor, a computer scientist with Carnegie Mellon University, to serve as its next chief technologist.
Cranor is not only a leading researcher but also a tough critic of the online ad industry's privacy initiatives. "The problem with self-regulatory privacy standards seems to be that the industry considers them entirely optional, and no regulator has yet stepped in to say otherwise," she wrote in a 2012 blog post.
Cranor will advise FTC Chairwoman Edith Ramirez on technology and policy issues. "Technology is playing an ever more important role in consumers’ lives, whether through mobile devices, personal fitness trackers, or the increasing array of Internet-connected devices we find in homes and elsewhere,” Ramirez said Thursday in a statement announcing Cranor's appointment.
Cranor, who has authored more than 150 research papers on online privacy and security, also has helped develop practical mechanisms aimed at preserving privacy.
Her academic research, combined with her efforts to design privacy-friendly features, "clearly will be valuable to the FTC," says Jules Polonetsky, executive director of the think tank Future of Privacy Forum (where Cranor serves on the advisory board).
"She brings a unique mix of technological prowess, scholarship and understanding of consumer attitudes toward privacy," Polonetsky says.
But Mike Zaneis, general counsel at the Interactive Advertising Bureau, sounded a more critical note. "The revolving door of privacy advocates masquerading as Chief Technologists continues at the FTC," he said in an email to MediaPost. "It's like they are funding a one semester internship for anyone with advocate bona fides."
Cranor helped pioneer an early effort to automate online privacy -- the Platform for Privacy Preferences, or P3P. The idea behind P3P (now largely defunct) was that sites would post privacy policies and Web browsers would then "read" those policies and decide whether to block cookies on those sites.
That determination would hinge on how users had configured their browsers' privacy settings. Cranor reported several years ago that P3P didn't function as intended because publishers did not submit accurate information.
In 2008, she blasted Web companies for crafting unreadable privacy policies. She said in a report that online privacy policies take users an average of 10 minutes to read. That report also said that if every U.S. Web user read the privacy policy at every site visited, the time spent reading privacy policies would total an estimated 44.3 billion hours per year.
Cranor's report concluded that regulation might be necessary to "provide basic privacy protections."
She will replace privacy researcher Ashkan Soltani, who has served as chief technologist since last November. Before joining the FTC, Soltani contributed to the Washington Post's prize-winning articles about former National Security Agency contractor Edward Snowden's surveillance revelations. Soltani also consulted with The Wall Street Journal for a series of pieces about tracking by online ad companies.
Other former chief technologists include privacy experts like Harvard's Latanya Sweeney, who became famous for research that cast doubt on anonymization techniques, and Princeton's Ed Felten.